VDiscover is a tool designed to train a vulnerability detection predictor. Given a vulnerability discovery procedure and a large enough number of training testcases, it extracts lightweight features to predict which testcases are potentially vulnerable.
VDiscover aims to be used when there is a large amount of testcases to analyze using a costly vulnerability detection procedure. It can be trained to provide a quick prioritization of testcases. The extraction of features to perform a prediction is designed to be scalable. Nevertheless, this implementation is not particularly optimized so it should easy to improve the performance of it.
+ Static features are supposed to capture information relevant to a whole program, and they should be obtained withoutrunning the code on particular inputs. Classical static analysis techniques use graph-based representations to express
the code structure, like call graphs, control and data- ow graphs, etc. However, building such structures is costly and not always possible from a (stripped) binary code.
+ Dynamic features are supposed to capture a sample of the behavior of a program in terms of its concrete sequential calls to the C standard library. Additionally the nal state
of the execution is included. Such features are extracted by executing for a limited time a testcase and hooking program events, collecting them in a sequence.
git clone https://github.com/CIFASIS/VDiscover.git
python setup.py install --use